ABSTRAK

Data center pada sebuah institusi telah di amati dan dianalisa untuk mendapatkan deskripsi mengenai keamamanan informasinya. Data center pernah mengalami insiden keamanan informasi berupa Shell Injection. Akibatnya, beberapa situs web tidak dapat diakses beberapa saat. Insiden ini dapat memperngaruhi proses bisnis institusi. Untuk menghindari masalah ini di masa depan, diperlukan audit keamanan informasi. Audit ini dapat dilakukan dengan menggunakan framework COBIT 5. Dalam penelitian ini, audit keamanan indormasi dilakukan terhadap keamanan informasi data center dengan fokus pada proses APO13 (Manage Security) dan DSS05 (Manage Security Service). Penelitian ini Penelitian ini dilakukan melalui tahap Initiation, Planning the Assessment, Briefing, Data Collection, Data Validation, Process Attribute Level dan Reporting the Result. Hasil penelitian ini diketahui tingkat kemampuan APO13 dan DSS05 pada saat ini (As Is) bernilai 1,54 dan 1,68 atau pada level 2, yang berarti proses APO13 dan DSS05 telah dilakukan dan dipelihara sesuai dengan rencana kerja. Oleh karena itu tingkat berikutnya (to be) ditetapkan pada level 3. Untuk mencapai level 3, beberapa rekomendasi diberikan untuk menutupi gap yang telah ditentukan dalam proses APO13 dan DSS05. Data center harus membuat rencana kerja yang rinci, data center yang dikelola dengan baik dan memiliki standar yang jelas untuk diterapkan agar dapat mencapai tujuan bisnis

ABSTRACT

A data center of an institution was observed and analyzed in order to get description about its information security.  The data center had ever experienced incidents of information security which is shell injection. As a result, some websites were not accessible for a moment. This incidents can affect business processes of the institution. In order to avoid this problem in the future, this institution needs information security audit. This audit can be done by using Framework COBIT 5. In this research,  an information security audit was conducted to Data Center Information Security by using Framework COBIT 5, focus on the process DSS05 (Manage Security Service) and APO13 (Manage Security). This research was conducted through some stages of initiation, planning the assessment, briefing, data collection, data validation, process attribute level and reporting the result. Form this research, the capability level of APO13 and DSS05 at this moment (as is) worth 1.54 and 1.68 or at level 2, which means process of APO13 and DSS05 had been done and maintained in accordance with the work plan. Therefore the next level (to be) set at level 3. In order to achieve level 3, some recommendations provided to cover the gap that has been determined in the process APO13 and DSS05. The data center have to make a detail work plan, well managed data center and have clear standard to be implemented in order to reach the business goal.

How to Cite : Martin, I.M. Arini. Wardani, L. K. (2017). ANALISIS KEAMANAN INFORMASI DATA CENTER  MENGGUNAKAN COBIT 5. Jurnal Teknik Informatika, 10(2), 119-128. doi: 10.15408/jti.v10i2.7026

Permalink/DOI: http://dx.doi.org/10.15408/jti.v10i2.7026

REFERENSI

S. Zulhuda, "Information Security In The Islam Perspective: Principle and Practices," Information and Communication Technology for The Muslim World (ICT4M), March 13, 2010.

W. Van Grembergen, "Introduction to the minitrack "IT governance and its mechanisms" HICSS 2013," Proceedings of the Annual Hawaii International Conference on System Sciences, 2013.

M. E. Whitman, "Principles of Information Security," Course TechnologyWhitman, M. E., & Mattord, H. J. (2012). Principles of Information Security. Course Technology, 2012, June 7, 2012.

ITGI, IT Assurance Guide : Using COBIT, USA: ITGI, 2007.

S. Gustavo, Data Center Fundamentals, Indanapolis: Cisco Press, 2014.

K. Jayaswal, Administering Data Centers: Servers, Storage, and Voice Over IP, Indianapolis: Wiley Publishing, Inc, 2006.

Isaca, COBIT: A Business Framework for the Governance and Management of Enterprise IT, USA: Isaca, 2013.

Isaca, COBIT 5: Enabling Process, USA: Isaca, 2012.

Isaca, COBIT 5: Implementation, USA: ISaca, 2012.

Isaca, Process Assessment Model: Using COBIT 5, USA: ISaca, 2013.

Isaca, COBIT 5: Enabling Processes, USA: Isaca, 2012.

Isaca, COBIT 5: Foundation With Case Study (ITG-2531.10), USA: Isaca, 2012.